Splunk Enterprise Security pros and cons

Vendor: Splunk
4.2 out of 5
Ranked 1
9,780 followers

Pros & Cons summary

Prominent pros & cons

PROS

Splunk Enterprise Security excels at rapid search capabilities, effectively indexing a variety of log types and delivering insights quickly.
It seamlessly integrates with various devices and infrastructures, providing a centralized approach to data management and threat detection.
Customization is a key feature, allowing tailored dashboards and analytics, accommodating specific organizational needs without additional tools.
Splunk Enterprise Security's risk-based alerting and correlation searches enhance incident detection and response efficiency.
The comprehensive logging features and threat intelligence integrations help in proactive threat mitigation and data analysis.

CONS

Administration requires SSH access and command line, lacking GUI tools for cluster management and app deployment.
User access control is not granular enough to manage specific feature permissions.
Technical support response times are slow and require follow-up on open cases.
The architecture is complex, particularly beyond a single server instance, increasing management difficulty.
Pricing and licensing are high, creating barriers for many organizations.
 

Splunk Enterprise Security Pros review quotes

Rishabh Gandhi - PeerSpot reviewer
Sep 6, 2023
Our clients use the solution to find any threats or vulnerabilities inside their environment.
SC
Aug 11, 2023
The most valuable features include agility and Splunk Enterprise Security's ability to quickly search for alerted items, as well as the capacity to create custom alerts using the SQL language employed by Splunk.
reviewer953235 - PeerSpot reviewer
Dec 22, 2021
The feature that I have found most valuable with Splunk is the ability to sift through a bunch of data very quickly.
Learn what your peers think about Splunk Enterprise Security. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
824,067 professionals have used our research since 2012.
reviewer2309169 - PeerSpot reviewer
Nov 13, 2023
The best part of Splunk Enterprise Security is its customizable settings.
reviewer2499732 - PeerSpot reviewer
Jun 13, 2024
It is lovely to have everything we need in one tool. Everything is quite centralized.
reviewer2382405 - PeerSpot reviewer
Mar 22, 2024
Splunk Enterprise Security allows us to create custom dashboards by changing fonts and modifying widgets.
reviewer2182467 - PeerSpot reviewer
May 11, 2023
The varied prebuilt feature is the most valuable because it ensures that we have complete coverage over all of the key questions.
reviewer2499627 - PeerSpot reviewer
Jun 12, 2024
The most valuable feature of Splunk Enterprise Security is the threat intelligence integration because essentially having to go out and correlate all the data on our own becomes convoluted.
Daniel Hammons - PeerSpot reviewer
Jun 13, 2024
The incident review pane is the best part of it because that is where the SOC lives. It is the heartbeat of what the SOC needs to do. You are able to start the investigative process. As you are sitting in the incident review pane, you see the alert, and from that one alert, which is called a notable alert, you can drill in and see all the different specific details that are tied to that.
Valarie - PeerSpot reviewer
Jun 12, 2024
Being able to aggregate detection and alerts from various sources is valuable. Like everyone else, we have a wide range of tools in our shop. We are able to stop at one spot and look at all the data. All the data is able to come through, and we can then jump from source to source or index to index. We can dig deep whenever we need to and get a good high-level understanding.
 

Splunk Enterprise Security Cons review quotes

Rishabh Gandhi - PeerSpot reviewer
Sep 6, 2023
It would be great if I could have a certain dialogue box in Splunk that uses innovative AI tools like ChatGPT, which are available now in the tech department.
SC
Aug 11, 2023
Splunk could enhance its services by providing more comprehensive professional assistance aimed at optimizing our investment.
reviewer953235 - PeerSpot reviewer
Dec 22, 2021
Their technical support sucks.
reviewer2309169 - PeerSpot reviewer
Nov 13, 2023
Splunk Enterprise Security has not helped reduce our alert volume.
reviewer2499732 - PeerSpot reviewer
Jun 13, 2024
Splunk Enterprise Security provides us with the relevant context to help guide our investigations, but it would be interesting to add even more context, for instance, in order to raise the level of risk.
reviewer2382405 - PeerSpot reviewer
Mar 22, 2024
I've noticed that onboarding data from various multi-cloud sources and diverse products, such as security network devices, can be challenging.
reviewer2182467 - PeerSpot reviewer
May 11, 2023
It is important to make sure that everything is built off of the threat models and all the underlying items within Splunk.
reviewer2499627 - PeerSpot reviewer
Jun 12, 2024
For us, the area that Splunk Enterprise Security can improve is performance optimization.
Daniel Hammons - PeerSpot reviewer
Jun 13, 2024
Being able to have a one-stop shop where you have the alert, but then you can generate the case right there from Splunk Enterprise Security instead of having to pivot to another tool such as Mission Control. You do not have to keep bouncing between them, so if you could do it all in one place, that would be great. The new release is supposed to start getting in that direction.
Valarie - PeerSpot reviewer
Jun 12, 2024
The first thing that comes to mind is a little bit of UI improvement. It sometimes can be a little bit buggy or it can be a little bit slow, but that varies from customer to customer.